1
0
mirror of https://github.com/janeczku/calibre-web synced 2024-12-26 01:50:31 +00:00

New Oauth code

This commit is contained in:
Ozzieisaacs 2019-07-20 20:01:05 +02:00
parent 26a7d9ef30
commit c6542fdec6
8 changed files with 141 additions and 37 deletions

View File

@ -56,10 +56,11 @@ feature_support = {
# feature_support['rar'] = False # feature_support['rar'] = False
try: try:
from .oauth_bb import oauth_check from .oauth_bb import oauth_check, oauthblueprints
feature_support['oauth'] = True feature_support['oauth'] = True
except ImportError: except ImportError:
feature_support['oauth'] = False feature_support['oauth'] = False
oauthblueprints = []
oauth_check = {} oauth_check = {}
@ -410,7 +411,7 @@ def _configuration_result(error_flash=None, gdriveError=None):
flash(_(error_flash), category="error") flash(_(error_flash), category="error")
show_login_button = False show_login_button = False
return render_title_template("config_edit.html", config=config, return render_title_template("config_edit.html", config=config, provider=oauthblueprints,
show_back_button=show_back_button, show_login_button=show_login_button, show_back_button=show_back_button, show_login_button=show_login_button,
show_authenticate_google_drive=gdrive_authenticate, show_authenticate_google_drive=gdrive_authenticate,
gdriveError=gdriveError, gdrivefolders=gdrivefolders, feature_support=feature_support, gdriveError=gdriveError, gdrivefolders=gdrivefolders, feature_support=feature_support,

View File

@ -84,11 +84,11 @@ class _Settings(_Base):
config_login_type = Column(Integer, default=0) config_login_type = Column(Integer, default=0)
config_oauth_provider = Column(Boolean) config_oauth_provider = Column(Integer)
config_github_oauth_client_id = Column(String) #config_github_oauth_client_id = Column(String)
config_github_oauth_client_secret = Column(String) #config_github_oauth_client_secret = Column(String)
config_google_oauth_client_id = Column(String) #config_google_oauth_client_id = Column(String)
config_google_oauth_client_secret = Column(String) #config_google_oauth_client_secret = Column(String)
config_ldap_provider_url = Column(String, default='localhost') config_ldap_provider_url = Column(String, default='localhost')
config_ldap_port = Column(SmallInteger, default=389) config_ldap_port = Column(SmallInteger, default=389)
@ -310,3 +310,12 @@ def load_configuration(session):
session.commit() session.commit()
return _ConfigSQL(session) return _ConfigSQL(session)
def load_oauth(session):
#_migrate_database(session)
if not session.query(OAuthProvider).count():
session.add(_Settings())
session.commit()
return _ConfigSQL(session)

View File

@ -71,6 +71,7 @@ from .worker import TASK_EMAIL, TASK_CONVERT, TASK_UPLOAD, TASK_CONVERT_ANY
log = logger.create() log = logger.create()
# ToDo delete duplicate
def update_download(book_id, user_id): def update_download(book_id, user_id):
check = ub.session.query(ub.Downloads).filter(ub.Downloads.user_id == user_id).filter(ub.Downloads.book_id == check = ub.session.query(ub.Downloads).filter(ub.Downloads.user_id == user_id).filter(ub.Downloads.book_id ==
book_id).first() book_id).first()

View File

@ -45,7 +45,7 @@ oauth = Blueprint('oauth', __name__)
log = logger.create() log = logger.create()
def github_oauth_required(f): '''def github_oauth_required(f):
@wraps(f) @wraps(f)
def inner(*args, **kwargs): def inner(*args, **kwargs):
if config.config_login_type == constants.LOGIN_OAUTH_GITHUB: if config.config_login_type == constants.LOGIN_OAUTH_GITHUB:
@ -72,6 +72,21 @@ def google_oauth_required(f):
return response, 404 return response, 404
abort(404) abort(404)
return inner'''
def oauth_required(f):
@wraps(f)
def inner(*args, **kwargs):
if config.config_oauth_provider:
return f(*args, **kwargs)
if request.is_xhr:
data = {'status': 'error', 'message': 'Not Found'}
response = make_response(json.dumps(data, ensure_ascii=False))
response.headers["Content-Type"] = "application/json; charset=utf-8"
return response, 404
abort(404)
return inner return inner
@ -115,10 +130,62 @@ def logout_oauth_user():
session.pop(oauth + '_oauth_user_id') session.pop(oauth + '_oauth_user_id')
if ub.oauth_support: if ub.oauth_support:
github_blueprint = make_github_blueprint( oauthblueprints =[]
if not ub.session.query(ub.OAuthProvider).count():
oauth = ub.OAuthProvider()
oauth.provider_name = "github"
oauth.active = False
ub.session.add(oauth)
ub.session.commit()
oauth = ub.OAuthProvider()
oauth.provider_name = "google"
oauth.active = False
ub.session.add(oauth)
ub.session.commit()
'''new_scope = ub.OAuthScope(provider_id=oauth.id, scope="https://www.googleapis.com/auth/plus.me")
ub.session.add(new_scope)
ub.session.commit()
new_scope = ub.OAuthScope(provider_id=oauth.id, scope="https://www.googleapis.com/auth/userinfo.email")
ub.session.add(new_scope)
ub.session.commit()'''
ele1=dict(provider_name='Github',
active=False,
oauth_client_id=None,
scope=None,
oauth_client_secret=None,
obtain_link='https://github.com/settings/developers')
ele2=dict(provider_name='Google',
active=False,
scope=["https://www.googleapis.com/auth/plus.me", "https://www.googleapis.com/auth/userinfo.email"],
oauth_client_id=None,
oauth_client_secret=None,
obtain_link='https://github.com/settings/developers')
oauthblueprints.append(ele1)
oauthblueprints.append(ele2)
for element in oauthblueprints:
if element['provider_name'] == 'Github':
blueprint_func = make_github_blueprint
else:
blueprint_func = make_google_blueprint
blueprint = blueprint_func(
client_id=element['oauth_client_id'],
client_secret=element['oauth_client_secret'],
redirect_to="oauth."+element['provider_name']+"_login",
scope = element['scope']
)
element['blueprint']=blueprint
app.register_blueprint(blueprint, url_prefix="/login")
element['blueprint'].backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
if element['active']:
register_oauth_blueprint(element['blueprint'], element['provider_name'])
'''github_blueprint = make_github_blueprint(
client_id=config.config_github_oauth_client_id, client_id=config.config_github_oauth_client_id,
client_secret=config.config_github_oauth_client_secret, client_secret=config.config_github_oauth_client_secret,
redirect_to="oauth.github_login",) redirect_to="oauth.github_login")
google_blueprint = make_google_blueprint( google_blueprint = make_google_blueprint(
client_id=config.config_google_oauth_client_id, client_id=config.config_google_oauth_client_id,
@ -134,16 +201,15 @@ if ub.oauth_support:
app.register_blueprint(github_blueprint, url_prefix='/login') app.register_blueprint(github_blueprint, url_prefix='/login')
github_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True) github_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)
google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True) google_blueprint.backend = OAuthBackend(ub.OAuth, ub.session, user=current_user, user_required=True)'''
'''if config.config_login_type == constants.LOGIN_OAUTH_GITHUB:
if config.config_login_type == constants.LOGIN_OAUTH_GITHUB:
register_oauth_blueprint(github_blueprint, 'GitHub') register_oauth_blueprint(github_blueprint, 'GitHub')
if config.config_login_type == constants.LOGIN_OAUTH_GOOGLE: if config.config_login_type == constants.LOGIN_OAUTH_GOOGLE:
register_oauth_blueprint(google_blueprint, 'Google') register_oauth_blueprint(google_blueprint, 'Google')'''
@oauth_authorized.connect_via(github_blueprint) @oauth_authorized.connect_via(oauthblueprints[0]['blueprint'])
def github_logged_in(blueprint, token): def github_logged_in(blueprint, token):
if not token: if not token:
flash(_(u"Failed to log in with GitHub."), category="error") flash(_(u"Failed to log in with GitHub."), category="error")
@ -159,7 +225,7 @@ if ub.oauth_support:
return oauth_update_token(blueprint, token, github_user_id) return oauth_update_token(blueprint, token, github_user_id)
@oauth_authorized.connect_via(google_blueprint) @oauth_authorized.connect_via(oauthblueprints[1]['blueprint'])
def google_logged_in(blueprint, token): def google_logged_in(blueprint, token):
if not token: if not token:
flash(_(u"Failed to log in with Google."), category="error") flash(_(u"Failed to log in with Google."), category="error")
@ -278,7 +344,7 @@ if ub.oauth_support:
# notify on OAuth provider error # notify on OAuth provider error
@oauth_error.connect_via(github_blueprint) @oauth_error.connect_via(oauthblueprints[0]['blueprint'])
def github_error(blueprint, error, error_description=None, error_uri=None): def github_error(blueprint, error, error_description=None, error_uri=None):
msg = ( msg = (
u"OAuth error from {name}! " u"OAuth error from {name}! "
@ -293,14 +359,14 @@ if ub.oauth_support:
@oauth.route('/github') @oauth.route('/github')
@github_oauth_required @oauth_required
def github_login(): def github_login():
if not github.authorized: if not github.authorized:
return redirect(url_for('github.login')) return redirect(url_for('github.login'))
account_info = github.get('/user') account_info = github.get('/user')
if account_info.ok: if account_info.ok:
account_info_json = account_info.json() account_info_json = account_info.json()
return bind_oauth_or_register(github_blueprint.name, account_info_json['id'], 'github.login') return bind_oauth_or_register(oauthblueprints[0]['blueprint'].name, account_info_json['id'], 'github.login')
flash(_(u"GitHub Oauth error, please retry later."), category="error") flash(_(u"GitHub Oauth error, please retry later."), category="error")
return redirect(url_for('web.login')) return redirect(url_for('web.login'))
@ -308,23 +374,23 @@ if ub.oauth_support:
@oauth.route('/unlink/github', methods=["GET"]) @oauth.route('/unlink/github', methods=["GET"])
@login_required @login_required
def github_login_unlink(): def github_login_unlink():
return unlink_oauth(github_blueprint.name) return unlink_oauth(oauthblueprints[0]['blueprint'].name)
@oauth.route('/login/google') @oauth.route('/login/google')
@google_oauth_required @oauth_required
def google_login(): def google_login():
if not google.authorized: if not google.authorized:
return redirect(url_for("google.login")) return redirect(url_for("google.login"))
resp = google.get("/oauth2/v2/userinfo") resp = google.get("/oauth2/v2/userinfo")
if resp.ok: if resp.ok:
account_info_json = resp.json() account_info_json = resp.json()
return bind_oauth_or_register(google_blueprint.name, account_info_json['id'], 'google.login') return bind_oauth_or_register(oauthblueprints[1]['blueprint'].name, account_info_json['id'], 'google.login')
flash(_(u"Google Oauth error, please retry later."), category="error") flash(_(u"Google Oauth error, please retry later."), category="error")
return redirect(url_for('web.login')) return redirect(url_for('web.login'))
@oauth_error.connect_via(google_blueprint) @oauth_error.connect_via(oauthblueprints[1]['blueprint'])
def google_error(blueprint, error, error_description=None, error_uri=None): def google_error(blueprint, error, error_description=None, error_uri=None):
msg = ( msg = (
u"OAuth error from {name}! " u"OAuth error from {name}! "
@ -341,4 +407,4 @@ if ub.oauth_support:
@oauth.route('/unlink/google', methods=["GET"]) @oauth.route('/unlink/google', methods=["GET"])
@login_required @login_required
def google_login_unlink(): def google_login_unlink():
return unlink_oauth(google_blueprint.name) return unlink_oauth(oauthblueprints[1]['blueprint'].name)

View File

@ -37,10 +37,11 @@ $(document).on("change", "select[data-control]", function() {
var showOrHide = parseInt($this.val()); var showOrHide = parseInt($this.val());
// var showOrHideLast = $("#" + name + " option:last").val() // var showOrHideLast = $("#" + name + " option:last").val()
for (var i = 0; i < $(this)[0].length; i++) { for (var i = 0; i < $(this)[0].length; i++) {
if (parseInt($(this)[0][i].value) === showOrHide) { var element = parseInt($(this)[0][i].value);
$("[data-related=\"" + name + "-" + i + "\"]").show(); if (element === showOrHide) {
$("[data-related=" + name + "-" + element + "]").show();
} else { } else {
$("[data-related=\"" + name + "-" + i + "\"]").hide(); $("[data-related=" + name + "-" + element + "]").hide();
} }
} }
}); });

View File

@ -195,8 +195,7 @@
<option value="1" {% if config.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option> <option value="1" {% if config.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option>
{% endif %} {% endif %}
{% if feature_support['oauth'] %} {% if feature_support['oauth'] %}
<option value="2" {% if config.config_login_type == 2 %}selected{% endif %}>{{_('Use GitHub OAuth')}}</option> <option value="2" {% if config.config_login_type == 2 %}selected{% endif %}>{{_('Use OAuth')}}</option>
<option value="3" {% if config.config_login_type == 3 %}selected{% endif %}>{{_('Use Google OAuth')}}</option>
{% endif %} {% endif %}
</select> </select>
</div> </div>
@ -256,19 +255,22 @@
{% endif %} {% endif %}
{% if feature_support['oauth'] %} {% if feature_support['oauth'] %}
<div data-related="login-settings-2"> <div data-related="login-settings-2">
{% for prov in provider %}
<div class="form-group"> <div class="form-group">
<a href="https://github.com/settings/developers" target="_blank">{{_('Obtain GitHub OAuth Credential')}}</a> <a href="{{prov['obtain_link']}}" target="_blank">{{_('Obtain %(provider)s OAuth Credential', provider=prov['provider_name'])}}</a>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_github_oauth_client_id">{{_('GitHub OAuth Client Id')}}</label> <label for="config_{{ prov['provider_name'] }}_oauth_client_id">{{_('%(provider)s OAuth Client Id', provider=prov['provider_name'])}}</label>
<input type="text" class="form-control" id="config_github_oauth_client_id" name="config_github_oauth_client_id" value="{% if config.config_github_oauth_client_id != None %}{{ config.config_github_oauth_client_id }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_{{ prov['provider_name'] }}_oauth_client_id" name="config_{{ prov['provider_name'] }}_oauth_client_id" value="{% if prov['active'] %}{{ prov['oauth_client_id'] }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_github_oauth_client_secret">{{_('GitHub OAuth Client Secret')}}</label> <label for="config_{{ prov['provider_name'] }}_oauth_client_secret">{{_('%(provider)s OAuth Client Secret', provider=prov['provider_name'])}}</label>
<input type="text" class="form-control" id="config_github_oauth_client_secret" name="config_github_oauth_client_secret" value="{% if config.config_github_oauth_client_secret != None %}{{ config.config_github_oauth_client_secret }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_{{ prov['provider_name'] }}_oauth_client_secret" name="config_{{ prov['provider_name'] }}_oauth_client_secret" value="{% if prov['active'] %}{{ prov['oauth_client_id'] }}{% endif %}" autocomplete="off">
</div> </div>
{% endfor %}
</div> </div>
<div data-related="login-settings-3">
<!--div data-related="login-settings-3">
<div class="form-group"> <div class="form-group">
<a href="https://console.developers.google.com/apis/credentials" target="_blank">{{_('Obtain Google OAuth Credential')}}</a> <a href="https://console.developers.google.com/apis/credentials" target="_blank">{{_('Obtain Google OAuth Credential')}}</a>
</div> </div>
@ -280,7 +282,7 @@
<label for="config_google_oauth_client_secret">{{_('Google OAuth Client Secret')}}</label> <label for="config_google_oauth_client_secret">{{_('Google OAuth Client Secret')}}</label>
<input type="text" class="form-control" id="config_google_oauth_client_secret" name="config_google_oauth_client_secret" value="{% if config.config_google_oauth_client_secret != None %}{{ config.config_google_oauth_client_secret }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_google_oauth_client_secret" name="config_google_oauth_client_secret" value="{% if config.config_google_oauth_client_secret != None %}{{ config.config_google_oauth_client_secret }}{% endif %}" autocomplete="off">
</div> </div>
</div> </div-->
{% endif %} {% endif %}
{% endif %} {% endif %}
</div> </div>

View File

@ -186,6 +186,26 @@ if oauth_support:
user_id = Column(Integer, ForeignKey(User.id)) user_id = Column(Integer, ForeignKey(User.id))
user = relationship(User) user = relationship(User)
class OAuthProvider(Base):
__tablename__ = 'oauthProvider'
id = Column(Integer, primary_key=True)
provider_name = Column(String)
oauth_client_id = Column(String)
oauth_client_secret = Column(String)
active = Column(Boolean)
# scope = relationship('OAuthScope', backref='oauthProvider')
'''class OAuthScope(Base):
__tablename__ = 'oauthScope'
id = Column(Integer, primary_key=True)
scope = Column(String, unique=True)
provider_id = Column(Integer, ForeignKey('oauthProvider.id'))
def __repr__(self):
return u"{0}".format(self.scope)'''
# Class for anonymous user is derived from User base and completly overrides methods and properties for the # Class for anonymous user is derived from User base and completly overrides methods and properties for the
# anonymous user # anonymous user

View File

@ -18,7 +18,11 @@ python-Levenshtein>=0.12.0
# ldap login # ldap login
python_ldap>=3.0.0 python_ldap>=3.0.0
flask-simpleldap flask-simpleldap>1.3.0
#oauth
flask-dance>=0.13.0
sqlalchemy_utils>=0.33.5
# extracting metadata # extracting metadata
lxml>=3.8.0 lxml>=3.8.0